- Resource Center
TokenEx is devoted to tokenization as a means of industry and regulatory compliance. Founded in 2010 by two former Qualified Security Assessors, TokenEx was created with the mission of providing organizations with the most secure, non-intrusive, and flexible data-security solution on the market.
TokenEx is a PCI Certified Level 1 Service Provider, and the TokenEx Cloud Security Platform is designed to help you achieve PCI compliance.
An assessment of TokenEx’s control environment is performed by independent service auditors on a regular basis. The SOC (Service Organization Controls) 2 and 3 reports examine the controls TokenEx maintains over its infrastructure, software, networks, people, procedures, and processes. Based on the Trust Services Criteria, the reports confirm:
TokenEx is compliant with the General Data Protection Regulation (GDPR), legislation enacted by the EU (European Union) to help fortify data protection for all individuals within the EU. The goal of the regulation is to protect the personal data of all EU citizens by regulating how their data is shared, stored, and managed. It also addresses the export of personal data outside of the EU. Moreover, it is designed to standardize data privacy laws across the EU with the main goal to “protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.”
The TokenEx platform is used by clients worldwide, including clients in the vast majority of EU nations, to secure and protect both PCI and personal data sets. TokenEx’s tokenization process is a well-recognized and accepted form of pseudonymization, making compliance with the privacy requirements of GDPR more certain, less costly, and much simpler.
The HITRUST Common Security Framework (CSF) provides organizations with a comprehensive approach to compliance and risk management. The HITRUST CSF combines key regulations and standards into a single overarching framework, including those applicable to PCI, PHI, and PII.
TokenEx’s control environment is aligned with the HITRUST CSF.
TokenEx complies with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information to and from the European Union, the United States, the member countries, and Switzerland, as applicable to each framework.
TokenEx has certified to the Department of Commerce that it adheres to both the Privacy Shield Principles and the Swiss-U.S. Privacy Shield.
The Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies that use STAR follow best practices and validate the security posture of their cloud offerings.
The STAR registry documents the security and privacy controls provided by popular cloud-computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions. TokenEx completes an annual Cloud Controls Matrix self-assessment, and we subscribe to the Cloud Security Alliance Code of Conduct for GDPR Compliance.
TokenEx regularly performs due diligence on the security controls we have in place. Due diligence of these controls includes but is not limited to:
• Network Penetration Testing
• Dynamic and Static Application Security Testing
• Wireless Penetration Testing and Assessment
• Network Vulnerability Scanning
• Device Configuration Reviews
• Access Control Reviews
• Log Reviews